CAS-004 Exam - Question 56

Question

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:

✑ Unstructured data being exfiltrated after an employee leaves the organization

✑ Data being exfiltrated as a result of compromised credentials

✑ Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

Examice · Accepted Answer

The best solution to mitigate the risk of data loss in a BYOD setting where the focus is on approved collaboration applications and the movement of corporate data involves Mobile Application Management (MAM), Multi-Factor Authentication (MFA), and Digital Rights Management (DRM). MAM allows control over enterprise applications on personal devices, enabling selective wipes of only corporate data when an employee leaves. MFA helps protect against data exfiltration due to compromised credentials by adding an extra layer of security. DRM ensures that sensitive information remains protected by controlling access and sharing capabilities, preventing unauthorized exfiltration of sensitive data, especially through emails.

[Removed] · Answer

This is a tricky question from CompTIA, at least not as stupid as other questions.
It's definitely C  because MAM software secures and enables IT to control over enterprise applications on end users' corporate and personal smartphones and tablets and allows for selective wipes when the person leaves the organization.
MFA will help with compromised credentials 
and finally DRM will provide us with Email DRM Protection as Senders should be able to stop recipients from forwarding sensitive messages or downloading confidential documents locally.
https://www.virtru.com/blog/drm-protection

great_lake1231 · Answer

C; sounds like DRM, MFA, and application management to me

AlexJacobson · Answer

Yet another of badly constructed questions, that doesn't really test the knowledge and experience, but rather the ability to guess what the author of the question had in mind.... Anyway, here's what I think:

✑ Unstructured data being exfiltrated *after an employee leaves the organization* - geofencing 
✑ Data being exfiltrated as a result of *compromised credentials* - Certificates (no credentials being used)
✑ *Sensitive information in emails* being exfiltrated - DLP

Also, the data is only being moved between collaboration apps, so there's nothing on personal devices. Also, remote wipe is not possible to enforce on BYOD without MDM.

The again, it could just as easily be C)...

Big_Harambe · Answer

I could pitch either A, C, or D... screw comptia

sadamishspic · Answer

BYOD, MDM and MAM are the key indicators.

"One significant way that MAM is different than MDM is that MAM does not need control over the device. MAM ensures that sensitive data is not sent or copied to other applications. Employees using their own devices feel more at ease with MAM, as it has less control over their entire device than MDM software."

They described collaboration applications on BYOD.

BiteSize · Answer

C.  MAM is limiting the "Work" side of the phone, MFA to get after people have left, but DRM will have to utilize features to prevent exfiltration. (wish it said DLP)
You would not remote wipe employee's or former employee's 
personal phones so A is not the answer.
DNS over HTTPS (DoH) is only for 443 but has nothing to do with the concerns in the question 
Certificates, DLP seem to be kinda on point but geofencing and certificates don't really get after all of the concerns.
Source:
Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

EZPASS · Answer

I also think the answer is C.

Boats · Answer

I select C because a MAM is concerned about corporate applications and not the whole device.

FOURDUE · Answer

i do not think it is D because of the use of geofencing.  Geofencing is a location-based technology service in which a mobile, desktop or cloud-based app or other software uses GPS, RFID, Wi-Fi or cellular data to trigger a pre-programmed action when a mobile device or RFID tag or mobile device enters or exits a virtual boundary set up around a geographical location, known as a geofence.

DRM is a broad term describing many different technical formats, it always includes some form of digital padlock on the file. These locks are called "license encryption keys" (complex mathematical codes), which prevent anyone from using or copying the file. People who pay for these encryption license keys receive unlock codes to use the file for themselves, but they are usually not allowed to share the file with other people.

we are only concerned with the first iteration of the solution:  utilize ONLY approved collaboration applications and the ability to move corporate data between those applications.

great_lake1231 · Answer

I was going through these questions and actually answered D this time.  Im inclined to agree with AlexJacobson and want to say D

Mr_BuCk3th34D · Answer

MDM is a set of tools and practices that are used to manage and secure mobile devices that are used in a BYOD environment. By implementing MDM, the security team can ensure that only approved collaboration applications are installed on the devices, and can enforce policies to ensure that corporate data is handled securely.

Remote wipe is a feature that allows the security team to remotely delete all data from a device if it is lost or stolen. This can help to prevent sensitive data from being exfiltrated after an employee leaves the organization, as the security team can remotely wipe the device to ensure that no sensitive data is left on it.

Data loss detection is a security feature that is designed to detect and alert the security team when sensitive data is being exfiltrated from the organization. This can help to prevent data from being exfiltrated as a result of compromised credentials or other types of data leakage.

romero318 · Answer

This is very confusing because a previous question that kind of relates to this question tells us to do remote wipe.

John199506 · Answer

The question is very straightforward for me. 
Sensitive information being exfiltrated by email will be detected by DLP

smqzbq · Answer

A
DLP should protect from "Data being exfiltrated as a result of compromised credentials" DRM will not.

Anarckii · Answer

"approved collaboration applications"

Remmmie · Answer

DLP is important in data exfiltration...

23169fd · Answer

Mobile Application Management (MAM): MAM allows the organization to control and secure the applications used on employees' personal devices. It ensures that only approved collaboration applications are used and that corporate data is managed securely within those apps.

Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring multiple forms of verification before granting access to corporate applications and data. This helps mitigate the risk of data exfiltration due to compromised credentials.

Digital Rights Management (DRM): DRM helps protect sensitive information by controlling how data can be accessed, used, and shared. It ensures that data remains protected even if it is moved between approved applications or if an employee leaves the organization.

CAS-004 Exam - Question 56

Discussion